<?php

/*----------------------------------------------+
|  MaxForum					|
|  ===========================================	|
|  By Majd Almontaser				|
|  Released under the License GNU v3.0		|
|  http://www.Max4Dev.com			|
|  ===========================================	|
|  Ttmtt Team - http://www.liioiil.com		|
+-----------------------------------------------*/


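# set_magic_quotes_runtime() is not available on newer PHP versions; only call it
# where it still exists so the script does not abort before doing any work.
if (function_exists('set_magic_quotes_runtime'))
{
	set_magic_quotes_runtime(0);
}

#--------------------------------
# Gather required files
#--------------------------------

	# Marker constant defined before the includes are pulled in.
	# NOTE(review): presumably the included files test MAX_ON to refuse direct access - confirm.
	define('MAX_ON', true);

	# Work out root address by stripping this script's relative path from __FILE__.
	# The suffix is converted to the platform separator first, so the replacement
	# also matches on hosts whose paths use "/" instead of "\".
	$max_root = str_replace(str_replace('\\', DIRECTORY_SEPARATOR, 'includes\pages\gallery\post_comment.php'), '', __FILE__);
	
	include '../../config.php';
	include '../../../libs/php/functions.php';
	
#--------------------------------
# Collect sent data
#--------------------------------

	# Both fields are request data and must be treated as untrusted.
	# A missing field falls back to 0 / '' instead of raising an undefined-index notice.
	# The image id is forced to an integer because it is later concatenated unquoted into SQL.
	$image		= isset($_POST['image']) ? (int) $_POST['image'] : 0;

	# Decode first, escape second: escaping before decoding would let encoded quotes through.
	# NOTE(review): PHP has already URL-decoded $_POST, so this is a second decode - confirm
	# the client really double-encodes. escape_string() is defined outside this file;
	# verify it is charset-aware for the active connection.
	$comment 	= escape_string((isset($_POST['comment']) && is_string($_POST['comment'])) ? urldecode($_POST['comment']) : '');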
	
#--------------------------------
# Work some things out...
#--------------------------------
	
	#-------------------------------
	# Who are they?
	#-------------------------------
	
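		# Default to anonymous; only a matching members row flips this.
		$loggedIn = false;
	
		# NOTE(review): authentication is the cookie pair below, and max_password is
		# compared directly with the stored password column. Whatever is stored
		# server-side is therefore also the bearer credential kept in the browser.
		# Confirm how the column is populated and how the cookies are issued; a random
		# server-side session token would limit the impact of a leaked cookie or table.
		if (isset($_COOKIE['max_name'], $_COOKIE['max_password']))
		{
			$uName = escape_string($_COOKIE['max_name']);
			$uPass = escape_string($_COOKIE['max_password']);
	
			$query	= mysql_query('SELECT id, time_offset, board_lang FROM ' . $db_prefix . 'members WHERE name = "' . $uName . '" AND password = "' . $uPass . '" LIMIT 1');
			
			# Keep the driver's error text in the server log; echoing mysql_error()
			# to the client discloses table names and query structure.
			if ($query === false)
			{
				error_log('post_comment.php: member lookup failed: ' . mysql_error());
				die('Database error.');
			}
			
			$row	= mysql_fetch_assoc($query);
		
			if (!empty($row))
			{
				$loggedIn		= true;
				# Cast to int: the id is concatenated unquoted into the queries below.
				$uId			= (int) $row['id'];
				$time_offset	= $row['time_offset'];
				$board_lang		= $row['board_lang'];
				
				# NOTE(review): this tests $lang, not $board_lang. Unless an included file
				# already set $lang, the test is always true and the member's own
				# language is always replaced by the board default - confirm the intent.
				if ($lang == '')
				{
					$query2 = mysql_query('SELECT board_lang FROM ' . $db_prefix . 'settings');
					$row2	= mysql_fetch_assoc($query2);
					
						$board_lang = $row2['board_lang'];
				}
				
				# load language files
				# $board_lang is a database value that ends up in an include path. Refuse
				# parent-directory sequences and NUL bytes so it cannot point outside
				# language/. A rejected value behaves like a missing language file.
				# NOTE(review): an allow-list of installed languages would be stricter.
				if (strpos((string) $board_lang, '..') === false && strpos((string) $board_lang, "\0") === false)
				{
					@include '../../../language/' . $board_lang . '';
					@include '../../../language/' . $board_lang . '.php';
				}
				
				# Date strings copied out of the language array into plain variables.
				# NOTE(review): presumably read as globals by format_date() - confirm.
				$format_time	= $lang['date_format'];
				$date_today		= $lang['date_today'];
				$date_yesterday	= $lang['date_yesterday'];
				$date_minute	= $lang['date_minute'];
				$date_minutes	= $lang['date_minutes'];	
				$date_hour		= $lang['date_hour'];	
				$date_hours		= $lang['date_hours'];
				
				#------------------------------------------------------------------
				# Now check whether they have already commented
				#------------------------------------------------------------------
				
					# $uId and $image are both integers at this point, so the unquoted
					# concatenation cannot carry SQL syntax.
					$query	= mysql_query('SELECT count(id) as commented FROM ' . $db_prefix . 'gallery_images_comments WHERE user = ' . $uId . ' AND image = ' . $image . ' LIMIT 1');
					
					# $row is reused: from here on it holds the count row, not the member row.
					$row	= mysql_fetch_assoc($query);
			}
		}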

#---------------------------------------------------------------
# Now add the comment, provided everything's ok
#---------------------------------------------------------------

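	# An empty comment is ignored: nothing is inserted and no template is rendered here.
	# NOTE(review): no anti-CSRF token is checked anywhere in this file, and the cookies
	# are the only credential, so a cross-site form post would be accepted - confirm
	# whether a token is enforced elsewhere.
	if ($comment != '')
	{
		# Fail closed: insert only when the count query actually returned a row saying
		# zero. If that query failed, $row is not an array, and a loose "== 0" test
		# would treat the missing value as "not commented yet".
		if ($loggedIn == true && isset($row['commented']) && (int) $row['commented'] === 0)
		{

			# $image and $uId are integers; $comment has been through escape_string().
			mysql_query('INSERT INTO ' . $db_prefix . 'gallery_images_comments (image, user, comment, time) VALUES (' . $image . ', ' . $uId . ', "' . $comment . '", ' . time() . ')');
		
		} else
		{
	
			# Anonymous visitor, or this member's comment was not accepted: render
			# section 5 of the view-image template.
			# NOTE(review): presumably an error notice - confirm.
			template_hook('pages/gallery/view-image.template.php', 5);
		}
	}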
	
#-------------------------------------
# Grab the updated comments
#-------------------------------------

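	# Fetch every comment on this image, newest first, joined to its author.
	# $image is an integer cast of the posted value, so concatenating it is safe.
	$query = mysql_query('
		SELECT
			c.comment, c.time, m.id, m.name
			
		FROM
			' . $db_prefix . 'gallery_images_comments c, ' . $db_prefix . 'members m
			
		WHERE
			c.image = ' . $image . ' AND
			c.user = m.id
			
		ORDER BY
			c.time DESC
	');
	
	# Keep the driver's error text in the server log; echoing mysql_error() to the
	# client discloses table names and query structure.
	if ($query === false)
	{
		error_log('post_comment.php: comment listing failed: ' . mysql_error());
		die('Database error.');
	}
	
	while ($row = mysql_fetch_assoc($query))
	{
		# Convert the stored UTF-8 text to CP1256 for output.
		# NOTE(review): iconv() returns false when a character has no CP1256
		# equivalent, which would blank the comment - confirm this is acceptable.
		$row['comment'] = iconv('UTF-8', 'CP1256', $row['comment']);
		$row['comment']	= strip_slashes($row['comment']);

		# NOTE(review): $row['comment'] and the member name are user-supplied and are
		# not HTML-encoded anywhere in this file. Confirm that the template or
		# strip_slashes()/member_link() encode them before output; otherwise a stored
		# comment is rendered as markup for every viewer.
		$var1 = member_link($row['id'], 0);
		$var2 = format_date($row['time']);

		# NOTE(review): within this file $lang is only loaded in the logged-in branch
		# earlier in the script; confirm it is also defined for anonymous requests.
		$by = sprintf($lang['view_image_comments_by'], $var1, $var2);
		
		# Render one comment row (section 3 of the template).
		# NOTE(review): presumably reads $row and $by as globals - confirm.
		template_hook('pages/gallery/view-image.template.php', 3);
	}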
?>
